6.1. MADx processes the following data of the customer as the controller: customer number, name, Company Register number or other register or ID number (like VAT and tax number), if any, address, contact information (such as telephone number, fax number, e-mail address), data on order management and invoicing (such as date of order, products, quantities, prices, shipping and invoicing data), product details (such as LOT, batch or serial number, production and use-by date, UDI, etc.), errors, damage, accidents or complaints in connection with the product as well as name and data of contacts at the customer’s.
6.2. These data are processed for the following purposes: • execution of contracts (Art 6 (1) (b) GDPR); • preservation of evidence (legitimate interest within the meaning of Art 6 (1) (f) GDPR); • compliance with obligations under the applicable medical device law or related regulations, in particular the Medical Device Regulation. This concerns, for example, processing for the purposes of market surveillance, traceability and risk management after placing on the market (legal obligation as defined in Art 6 (1) lit (c) GDPR); • contact data for the purpose of establishing promotional contact by e-mail, mail, fax or telephone (consent in accordance with Art 6 (1) (a) GDPR (Section 6.7.) and legitimate interest within the meaning of Art 6 (1) (f) GDPR).
6.3. MADx receives this data either from the customer himself or from a distributor through whom goods are purchased.
6.4. The mentioned data will be processed for the duration of the contractual relationship and will be erased, due to statutory obligations to preserve commercial records, not later than seven years after termination of the contractual relationship, except when more extensive obligations for preservation apply. Contact data will be used for advertising purposes until such time as consent is revoked or for a maximum of three years after termination of the contractual relationship or the last customer contact. Data for compliance with the obligations of medical device law and related regulations will be processed for the duration of the life cycle of the products or, if necessary, beyond that, if this is necessary for the above-mentioned purposes.
6.5. The above data will not be disclosed to any third party. Excluded from this are: • distributors who are entrusted with the execution of the contract, for this purpose as well as for establishing contact or for purposes of market surveillance and traceability of the goods in accordance with medical device law and related regulations; • competent authorities in enforcement of medical device law and related regulations, in particular in the context of vigilance; • service providers of MADx who process customer data as processors within the meaning of the GDPR exclusively under the instructions of MADx (e.g. for hosting purposes or for sending newsletters etc.).
6.6. The customer shall promptly inform MADx of any changes in the data required for the contract. The customer has the right to information about the data processed by MADx concerning him or her and – to the extent defined by law – to demand rectification or erasure or restriction of their processing or to object to processing and the right to data portability. Moreover the customer shall be entitled to file a complaint with the Austrian Data Protection Authority (Datenschutzbehörde).
6.7. The customer consents to being informed by MADx of products and other offers by e-mail or by telephone and to having MADx process the requisite e-mail address and telephone number for this purpose. Such consent is not necessary for rendering the contractual works and services and may be revoked at any time without stating any reasons by sending an e-mail to firstname.lastname@example.org.
6.8. Data processing within the scope of providing other services or using MADx software and products is regulated in the respective special agreements or conditions concerning these.